Password Aliases Overview

By default, passwords within Payara Server are treated like any other property
and are stored in plaintext. Passwords stored in plaintext are a security
risk, as you can directly read them, unencrypted and unobstructed.

A password alias allows you to have a plaintext reference to an encrypted
password stored on the server, with the alias being used wherever the
password is needed.

Using a password alias within the Admin Console

To use a password alias, navigate to any configuration view where you would
have previously entered a password in plaintext format:

In place of the password, you can enter an alias which corresponds to the password
in the form: ${ALIAS=<password-alias-name>}:

To create a password alias from the admin console, read the instructions detailed
here.

Using a password alias on the command line

On the command line, when using asadmin commands where you would previously
have entered a password, you can instead enter the password placeholder ${ALIAS=<example-alias-name>}
to avoid having passwords stored in the configuration in plain text.

Here is an example of setting the user’s password for a JDBC connection pool: